nettechfandomcom-20200213-history
Grooveshark Internal API
Grooveshark is a Music streaming service providing user-uploaded MP3s for listening in a flash-based player. It also has an intergrated social network-type service and provides suggestions to you based on your listening habits similar to last.fm . Grooveshark has also recently released mobile applications for a number of platforms aside from their flash player. Warning Using the information below to communicate with Grooveshark servers is against their TOS. They use heuristics to determine if a client is valid; if you create a client that misbehaves in a way that triggers their attacker detection, your IP address (or the IP addresses of your users) will be flagged as an attacker, and Grooveshark will cease to work properly. Communicating with Grooveshark Grooveshark's servers use simple PHP and HTTP to authenticate and communicate with the flash player. All communications (with the exception of retriving a song with a streamKey) are done by POSTing a JSON object to either http://cowbell.grooveshark.com/service.php or https://cowbell.grooveshark.com/service.php (or /more.php). The offical flash client uses HTTPS to authenticate the tokens and user, and uses regular HTTP for all other transactions. Most methods require a JSON request in the following format (italics are variables): {header: {client: "gslite", uuid: the_uuid, token: the_token, country: country_parameters, clientRevision: version_string}, method: the_method_name, parameters: {...the function-specific parameters...}} The UUID is a normal flash/flex UUID which is in the form of: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE The token is the field calculated in the section, using a token. For the initial login where you get a token (e.g. the getCommunicationToken method), token is replaced by session: the_session_id, (see "Getting a Session ID" below). The offical flash client also includes a parameter in the header named 'country', which can be populated from the listen.grooveshark.com page as it is set as one of the javascript variables in initPage, but must be urldecoded. It is not required for operation but may be used in the future to distinguish between offical and unoffical clients. Known Grooveshark Methods See Grooveshark Methods for a (somewhat incomplete) description of the known Grooveshark methods. Getting a Session ID This can be simply retrieved by navigating to http://listen.grooveshark.com/ and extracting the PHPSESSID set-cookie. Getting a Token To get a token, you must first get a session id, as above. Then you must POST a JSON object, with the method "getCommunicationToken", and parameters of "secretKey" (which the value is a md5 hash of the session ID) to https://cowbell.grooveshark.com/service.php The response will be a JSON object, and the token will be contained in the result value if successful. Using the Token When creating a request other than getCommunicationToken, you must add a token parameter, which is a 45 character value created as such: # Generate 6 random hex characters # Create a SHA1 hash of: the method you plan to use + ":" + your token + ":quitStealinMahShit:" + the random characters generated previously # The final token will be the 6 random characters + the SHA1 hash Note: You may see instances where the token is calculated using the string 'theHumansAreDead' or 'theColorIsRed'. That are old salts and no longer in use - please replace it with 'quitStealinMahShit'. Retrieving Songs To retrieve a song, you must first know it's ID number, then use the getStreamKeyFromSongIDEx method and parameters of prefetch: false, songID: (SONG ID), country: (COUNTRY VALUE), mobile: false. This will return a JSON object, where the stream key is JSON->result->streamKey and server is at JSON->result->ip. To retrieve the URL of the song, do a normal POST with the post data streamKey=STREAM_KEY to http://STREAM_SERVER/stream.php where STREAM_SERVER was found before in 'ip'. Most songs are stored on Akami servers using just a plain old GET URL and therefore the script will return 302 Found with a Location header, however some are returned by the stream.php script directly. Please note that the offical player makes many more requests to the server related to queueing and playlists. At the present time, this can easily be ignored but may be employed by heuristics in the future. Those requests are beyond the scope of this article, see Grooveshark Methods for a more in-depth description of all these other methods. Debugging If you find something isn't going to plan, try debugging by using Wireshark(for normal HTTP requests) or oSpy (for requests involving HTTPS/SSL). Usually the response is gzip-ed, so you'll need to decode it somehow (I usually copy the hex to a file, name it something.gz and open it in 7zip). You may also try Tamper Data, an extension for Firefox to make the whole process much easier. Most of the information on Grooveshark has been compiled by User:Adammw, please contact me if you require any assistance with Grooveshark or if you notice there's something important missing. Thanks =) Category:Music